Shareaholic < 9.7.6 - Information Disclosure
CVE-2022-0594

5.3MEDIUM

Key Information:

Vendor: Wordpress
Status: Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic
Vendor: CVE Published:; 25 July 2022

Summary

The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.

Affected Version(s)

Professional Social Sharing Buttons, Icons & Related Posts – Shareaholic 9.7.6

References

https://wpscan.com/vulnerability/4de9451e-2c8d-4d99-a255-...

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 25, 2022
Vulnerability Reserved
Feb 14, 2022

Credit

Brandon James Roldan